CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

May 2, 2025

CVE ID : CVE-2024-13419

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings which includes custom JavaScript that is enabled site-wide. This issue was escalated to Envato over two months from the date of this disclosure and the issue is still vulnerable.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Next Article CVE-2024-13418 – WordPress Theme/Plugin Arbitrary File Upload Vulnerability

Highlights

CVE-2025-48710 – Kro Kube Resource Orchestrator Remote Code Execution Vulnerability

June 4, 2025

CVE ID : CVE-2025-48710

Published : June 4, 2025, 6:15 a.m. | 1 hour, 18 minutes ago

Description : kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro’s controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

UX Job Interview Helpers

.NET Aspire’s CLI reaches general availability in 9.4 release

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

Why I’ll keep the Samsung Z Fold 7 over the Pixel 10 Pro Fold – especially if these rumors are true

You may soon get Starlink internet for a much lower ‘Community’ price – here’s how

uBlock Origin Lite has finally arrived for Safari – with one important caveat

Perplexity says Cloudflare’s accusations of ‘stealth’ AI scraping are based on embarrassing errors

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

Simplified Batch Job Creation with Laravel’s Enhanced Artisan Command

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

This comfy mesh office chair I’ve been testing costs less than $400 — but there’s a worthy alternative that’s far more affordable

This comfy mesh office chair I’ve been testing costs less than $400 — but there’s a worthy alternative that’s far more affordable

How to get started with Markdown in the Notepad app for Windows 11

Microsoft Account Lockout: LibreOffice Developer’s Week-Long Nightmare Raises Concerns

CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported

Think Before You Download: UAE Cybersecurity Council Issues Warning on Unverified Apps

Redis returns to open source with AGPLv3 license but not everyone is happy

68% of tech vendor customer support to be handled by AI by 2028, says Cisco report

CVE-2025-36574 – Dell Wyse Management Suite Absolute Path Traversal Vulnerability

Generate suspicious transaction report drafts for financial compliance using generative AI

CVE-2025-48710 – Kro Kube Resource Orchestrator Remote Code Execution Vulnerability

Music Streaming Platform using PHP and MySQL

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Legion Go 2

CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

Related Posts